Hello Olivier, thank you very much for your efforts but I have to bring this up here: Having "some general friction with following upstream" seems to be an ongoing problem with Thunderbird.
Transition from TB 68 to 78 left users of ubuntus latest LTS without security updates for over 6 months https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1895643 >From TB 78 to 91 the (un)security gap for (latest) LTS users has been over 4 >months https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1949605 and now in the transition between TB 91 and 102 we are already over 3 months without security updates. All this for the at that points of time latest Ubuntu LTS. Older LTS have/had to wait even longer for security updates. At the same time unpatched security vulnerabilities and CVEs are popping up more and more. I've been watching this misery for years now and I really appreciate Olivier's efforts, but there seems to be something fundamentally wrong here. Besides browsers, mail clients are the second most exposed user applications and a classic gateway for malware. It is unacceptable that Thunderbird regularly exists unpatched for so long periods of time. This sheds a very bad light on Ubuntu's security. I know that there are optional Snaps but the vast majority of users stick with the pre-installed programs and are led to believe that they will receive regular updates this way. And they should be right about that. So what can be done to fix this issue once and for all? /edit: and how long will it take this time? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to thunderbird in Ubuntu. https://bugs.launchpad.net/bugs/1990886 Title: Security updates missing after 91.11.0 Status in thunderbird package in Ubuntu: In Progress Bug description: Upstream released Thunderbird 91.11.0 on June 28, 2022. It's now at 91.13.1 from September 19, 2022. The release notes say: "By popular demand, Thunderbird 91.13.1 contains important security updates that shipped in Thunderbird 102.2.1. Users are encouraged to update as soon as possible." Source: https://www.thunderbird.net/en-US/thunderbird/91.13.1/releasenotes/ Ubuntu 22.04 Jammy (but also the other supported LTS) still has Thunderbird 91.11.0 (1:91.11.0+build2-0ubuntu0.22.04.1) without the security fixes after 91.11.0. The package should be updated to 91.13.1. Given that it has been three months without security updates, there seems to be some general friction with following upstream. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1990886/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
